Could Internet service providers help provide basic privacy services to all users?
Most people leave a trail when surfing the Web. Information
such as a computer's IP address can be traced back to users, or used to reconstruct a profile of browsing habits. Search engines amass large quantities
of data on individuals. Though they don't store this along with usernames,
researchers have previously shown that individuals can still be identified using this data.
People who want to avoid leaving this trail can turn to
services such as Tor,
an open-source system designed to muddy the path a user's data travels over the
Internet (see "Dissent Made Safer"). But Tor struggles with slow network performance,
and the service might be overwhelmed if too many users adopted it without
also contributing resources.
Last week, at the 9th annual Privacy
Enhancing Technologies Symposium, researchers described some more robust protections. They wondered if privacy protection could come from the ISPs responsible for the backbone of the Internet.
One project, anon.next, presented by Matthew Wright, who co-directs the
iSec research lab at the University of Texas at Arlington, looks ahead to
next-generation deployments of the Internet itself. In the event of a redesign of
Internet architecture, Wright argues, proxies that help preserve anonymity
could be built in. He envisions working with ISPs to determine points in the
network where the proxies would be effective both in terms of protection and
performance.
Other researchers are looking for solutions that could work
on the Web as it is today. Barath
Raghavan, a visiting assistant professor at Williams
College in Massachusetts, along with researchers from the University of
California, San Diego, and the University of Washington, suggest a protocol
that could effectively hide a user's IP address within the rest of an
Internet service provider's traffic. The researchers say that adding their
system wouldn't hurt performance, and would work in conjunction with Tor and
other privacy-protection services. They suggest that ISPs might be willing to add the
protocol as a benefit to attract customers, similar to services offered by
telephone companies that prevent users from being identified by called ID.
While ISPs are a logical place to turn for privacy help,
events such as the passage of the Patriot Act in the United States, which made it possible for the authorities to demand information without a subpoena, make ISPs uncertain allies. The bottom line is, they're only likely to help
if there's a large customer demand for privacy.
Most people think of online privacy as something most important for citizen journalists in countries with oppressive regimes. However, the number of business models that rely on the collection and sale of user data may for some people in this country to reconsider taking steps to protect it.
Massachusetts Institute of Technology
Comments
What I (and others) are really asking for is anonymity. I want my the personal identity to remain unknown while using the park or the Internet. Journalist (and the consumer) keep confusing the two.
Similarly cash provides anonymous financial transactions while a credit card does not.
The consequences of providing Internet anonymity is the lack of accountability it creates.
khurt
08/10/2009
Posts:8
Two internets: one where our ip address verifies who we are and we never have to accept email from any address that is not verifiable and accountable and one for the rest who insist on behaviors that do not mix well with accoutability (that probably looks like today's internet).
To hazard a guess, I would say the short answer (and short-sighted reasoning) might be money. Do most of the internet based revenue streams rely on spamming/advertisement from unknown email addresses or other schemes that require complete privacy and anonymity?
Whether that's true or not, the internet has degenerated into an unsafe place to do business and something needs to be done. While the banking and retail industries may not be very interested in spending additional money on the technology, their internet based business is at risk. If we, the public, stop doing our personal business on the internet because of the personal risk involved, the industry's current significant investment in the internet becomes a another negative factor on a challenged income statement.
Bradford E. Black, CPP
bblack
08/18/2009
Posts:1
Exactly!
It is a double-edged sword. It's good if it protects dissenters. It's bad if it protects terrorists or criminals. And who is which sometimes (often, but not always) depends on which side of the fence you're sitting.
DaveT
dtutelman
08/10/2009
Posts:63